Pebble2.0.0.txt

Pebble2.0.0.txt: Posted Oct 4, 2006; Authored by Paolo Perego; Pebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.; tags | advisory, xss; SHA-256 | 08a5e732869950e08e91c781c24e82104a020041dcae765ae6d6b23413dffc6f; Download | Favorite | View

Pebble2.0.0.txt

Software: Pebble
Version: 2.0.0 RC1 - 2.0.0 RC2
Author: Simon Brown
Homepage: http://pebble.sourceforge.net

Abstract
Pebble is a blogging system built upon java and XML. There is no
database to store the data into but just XML is used instead.

Description

Vulnerability: XSS vulnerability in "search" functionality. Query
string wasn't parsed for HTML and while printing it out for "Search
with google" link, the XSS can be done.

Workaround
Disable "Search with google" link in the user result page or, better,
update to the latest version in subversion.

History

Author contacted: 20 september
Author replyed: 20 september
Patch published in Subversion archive: 27 september


Disclaimer:

This advisory intended to be informational. No responsibility is taken
for its misuse.

Top Authors In Last 30 Days

Red Hat 166 files
Ubuntu 102 files
indoushka 75 files
Debian 23 files
nu11secur1ty 20 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
Apple 6 files
bluedragonsec 4 files

File Archives

Systems

AIX (428)
Apple (2,009)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,842)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (353)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,811)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,916)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,938)
UNIX (9,313)
UnixWare (186)
Windows (6,588)
Other

Pebble2.0.0.txt

Pebble2.0.0.txt

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Pebble2.0.0.txt

Share This

Pebble2.0.0.txt

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems